CVE-2021-39908

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39908

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39908.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39908

Aliases

BIT-gitlab-2021-39908

Downstream

UBUNTU-CVE-2021-39908

Published

2022-04-01T23:15:10.407Z

Modified

2026-02-13T02:48:25.427198Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9ed95b96a6766af9336048a63a29b678f88a9413

Introduced

dec73e99fddac59c0bf816dc4bffd2a30abae6de

Fixed

3e776d83389c706fb81973736e57ca6a6fb952fc

Affected versions

v14.*

v14.3.0-ee

v14.3.1-ee

v14.3.2-ee

v14.3.3-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39908.json"